anygen-slide

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires parsing auth responses to extract auth_url and fetch_token, sending the complete unmodified auth_url to the user and launching a background command with --fetch-token {fetch_token}, which forces the agent to handle and output secret/token values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill calls the AnyGen OpenAPI (https://www.anygen.io) (see SKILL.md and scripts/anygen.py) — notably the /v1/openapi/tasks/prepare endpoint which returns a 'reply' and 'suggested_task_params/prompt' that the agent must present verbatim and then use as the create prompt, so untrusted third-party content from AnyGen can directly influence tool actions and next steps.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill makes runtime calls to the AnyGen OpenAPI at https://www.anygen.io (e.g., /v1/openapi/tasks/prepare) and uses the returned suggested_task_params.prompt and reply verbatim as the prompt/input for task creation, so remote content from that URL directly controls agent prompts and is a required dependency.